Top Tips: Dual-Use Devices in the Workplace

Authors

Related Practices

Blog Topics

Increasingly, companies are permitting employees to access corporate e-mail, calendars, contacts and other information using personal smartphones or tablets. This practice commonly is referred to as “dual-use devices” or “bring your own device.” Despite the growing prevalence of dual-use devices in the workplace, most companies lack adequate policies, procedures, and information technology systems to manage them.

Dual-use devices facilitate convenience and productivity, but they can cause problems for the employer. What happens when an employee: views inappropriate content on the device, refuses the employer access to the device during an internal investigation or litigation, loses the device, inadvertently grants an application provider access to confidential data, resigns with confidential information on his or her phone? The list goes on and on….

Here are some top tips for reducing risks in the workplace:

Limit eligibility of “bring your own devices” to specific categories of employees.

Require that your information technology department be permitted to set security that employees are prohibited from disabling or modifying.

Restrict corporate resources that can be accessed on dual-use devices and storage of corporate information on dual-use devices (e.g., e-mail, calendar and contacts only).

Ensure your handbook is written to make dual-use devices subject to all relevant corporate policies.

Have employees sign a Personal Device Agreement.

Conduct training for employees on the security requirements for dual-use devices.

Warn employees that dual-use devices will be monitored when connected to the network.

Prohibit simple passwords.

Remind employees that dual-use devices (and any password) must be provided for inspection, upon reasonable request, for company investigations and to implement a litigation hold.

Require that employees immediately report any lost or stolen device.

Obtain agreement of employees utilizing dual-use devices to remotely “wipe” them in the event of loss, theft, or termination of employment.